Reverse-Engineering Instruction Encodings

Binary tools such as disassemblers, just-in-time compilers, and executable code rewriters need to have an explicit representation of how machine instructions are encoded. Unfortunately, writing encodings for an entire instruction set by hand is both tedious and error-prone. We describe derive, a tool that extracts bit-level instruction encoding information from assemblers. The user provides derive with assembly-level information about various instructions. Derive automatically reverse-engineers the encodings for those instructions from an assembler by feeding it permutations of instructions and analyzing the resulting machine code. Derive solves the entire MIPS, SPARC, Alpha, and PowerPC instruction sets, and almost all of the ARM and x86 instruction sets. Its output consists of C declarations that can be used by binary tools. To demonstrate the utility of derive, we have built a code emitter generator that takes derive's output and produces C macros for code emission, which we have then used to rewrite a Java JIT backend.